Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-57336

HyperShift operator fails to clear user-ca-bundle when additionalTrustBundle no longer set

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • 4.20.0
    • 4.20
    • HyperShift
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • None
    • None
    • None
    • None
    • Proposed
    • Bug Fix
    • Hide
      Before this update, the HyperShift Operator failed to clear the `user-ca-bundle` config map after the removal of the `additionalTrustBundle` parameter from the `HostedCluster` resource. As a consequence, the `user-ca-bundle` config map was not updated, resulting in failure to generate ignition payloads. With this release, the HyperShift Operator actively removes the `user-ca-bundle` config map from the control plane namespace when it is removed from the `HostedCluster` resource. As a result, the `user-ca-bundle` config map is now correctly cleared, enabling the generation of ignition payloads.
      Show
      Before this update, the HyperShift Operator failed to clear the `user-ca-bundle` config map after the removal of the `additionalTrustBundle` parameter from the `HostedCluster` resource. As a consequence, the `user-ca-bundle` config map was not updated, resulting in failure to generate ignition payloads. With this release, the HyperShift Operator actively removes the `user-ca-bundle` config map from the control plane namespace when it is removed from the `HostedCluster` resource. As a result, the `user-ca-bundle` config map is now correctly cleared, enabling the generation of ignition payloads.
    • None
    • None
    • None
    • None

      Description of problem:

          The HyperShift operator is failing to clear the contents of the user-ca-bundle configmap in the control plane namespace of a hosted cluster when the .spec.additionalTrustBundle field is no longer populated in the HostedCluster. This results in ignition failing to generate and not applying further changes such as proxy configuration.

      Version-Release number of selected component (if applicable):

          HyperShift operator at latest version (4.20)

      How reproducible:

          Always

      Steps to Reproduce:

          1. Create a HostedCluster populating the .spec.additionalTrustBundle field. Wait for the HostedCluster to come up.
    2. Modify the HostedCluster by removing the .additionalTrustBundle and changing some other setting such as Proxy trustBundle.
    3. Wait for the proxy change to rollout the nodes.

      Actual results:

          Proxy change never rolls out

      Expected results:

          Proxy change rolls out.

      Additional info:

         The rollout is stuck because the ignition server is failing to generate a new payload because the additionalTrustBundle hash no longer matches.

              cewong@redhat.com Cesar Wong
              cewong@redhat.com Cesar Wong
              None
              None
              Jie Zhao Jie Zhao
              None
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: